The adoption of 5G will drive the use of edge computing even further
In 2020, we saw cybersecurity move from a technical problem to become a business enabler. In 2022, we will see 5G go from new technology to a business enabler bringing previously unimaginable use cases because of its high bandwidth and lower latency. Data from the current AT&T Cybersecurity Insights Report shows that 5G technology is being driven by the line of business and has been siloed between IT and OT organizations. In the coming years, we will see these silos that have existed for the past 20 years plus erode further. The silos are fracturing - finally. Old monolithic and back-office applications will give way to new, security-centric applets that drive the workload at the edge – whether that edge is the cloud, a smart city, your car, your farm, your house, or your local medical facility.
5G began its disruptive charge in 2021, and this will continue to accelerate in 2022. 5G introduces new ecosystems, new types of devices, and new applications we only dreamt of before. While in past years, InfoSec was previously the focus and CISOs were the norm – we’re moving to a new cybersecurity world order that expands the role of the CISO to a CSO (Chief Security Officer).
5G, over time, will move everything to the edge – wherever an organization is defining its edge. Devices deployed at the edge will be numerous and stunningly diverse in ways we can only imagine now. This increase and the vast number of use cases from immersive real-time streaming, to real-time connections and inputs to your car, to keeping your phone charged automatically will further drive the adoption of edge computing because of the convenience and simplicity the use cases bring.
5G even changes the old CIA (Confidentiality, Integrity, Availability) triad. With 5G the data lifecycle changes:
Like the disruption of cellular networks and devices, the changing infrastructure caused by remote work is ripe for disruption. However, for organizations to take full advantage of the benefits of 5G, they will need to secure both their physical attributes (ex: electric fueling stations) and software to prevent malicious actors from taking advantage.
In AT&T Cybersecurity’s upcoming Cybersecurity Insights report, we’ll focus on how people are deploying network architectures at the edge. The report will be published in January 2022. In the meantime, you can check out last year’s findings on 5G, Zero Trust, and SASE in the 2021 Cybersecurity Insights report.
While finance, healthcare, energy and utilities companies, along with the private sector will increase their cybersecurity spending, the manufacturing industry will have the most significant impact on disruption
Organizations in finance, healthcare, manufacturing, energy and utilities, and the public sector will all grow their cybersecurity investments in 2022. Manufacturing is a prime area for disruption with the increase in the number of IoT devices during the pandemic. More manufacturing companies are increasing their spending on cybersecurity resources to protect their global supply chain, support the convergence of IT and OT, and build customer trust. While healthcare has been elusive in cybersecurity, many individual medical practices are looking to standardize and secure processes in their facilities as well as experiment with new edge use cases in areas such as remote hospitals and telemedicine.
Ransomware becomes the most feared adversary
2021 was the year the adversary refined their business model – Ransomware-as-a-Service (RaaS) proved that we are living in a software-defined world where anything and everything can be consumed as a service. This year showed how adversaries can attack far more networks and applications through the hybrid workforce. While up until May of 2021, credential stuffing was the biggest area of security concern.The top cybersecurity concern has shifted to ransomware attacks which gained notoriety by shutting down critical infrastructure and hospitals. The general public felt the results of insufficient cybersecurity practices, policies, and procedures. The convergence of IT and OT can cause problems and lead to ransomware attacks if proper cybersecurity hygiene isn’t followed. On many levels, a back-to-basics awareness campaign on cybersecurity still pays tremendous dividends.
The transition from hybrid to a software-defined world
The importance of securing applications in a software-defined world will be critical for protection
The transition to remote work and business model pivots have accelerated the software-defined (SD) world. In a software-defined world, the business and its customers are digital and security is at the core of the business. It has been said that every company is a software company - if the applications that make up the digital experience are not built with a security-first approach, vulnerabilities will make it to production and ultimately be problematic for the business from a revenue, trust, or general security standpoint. The applications or applets (we are no longer writing monolithic back-office IT applications) of 2022 will need to be more compact, purpose-driven, and built with security-in-mind first. While many investors in 2021 invested in application security and data security, application security will continue to be a primary area of investment in 2022. It is important that businesses fail less frequently, learn from the failures, and retain service level agreements during and after a security incident.
Applications of the future will need to be:
- More compact
- Higher levels of quality with a confidence factor built in
- Built with security in mind upfront, i.e. non-functional requirements such as security and performance are necessary.
Application security will be the next most prominent area of investment for VCs and area of interest for software companies
In the past year, venture capitalists have invested heavily in application security and data security. This is a leading indicator of coming innovation made necessary by disruptive forces – and application security is now moving into the limelight. While the OWASP top 20 hasn’t changed in the past 20 years, I wouldn’t be surprised if we have an OWASP for APIs soon like we’ve had for web application security for years.
The transition of cyber hygiene from the workplace to the home
More employees are bringing their cyber skills and learnings into their home environment. By leading with a security-first mindset, if you have proper security and good cyber hygiene at work, you can use those habits in your home life as well. We’re very early on in the cyber revolution, and it’s important to start instilling good habits and cyber hygiene with others at a young age to generate further awareness about what people should and shouldn’t click on, download, or explore.